Users
| OS | VMWare plugin/Standalone | Installation user | Running user |
|---|---|---|---|
| Linux | Standalone | Account specified by operator in UI (ROOT or Sudoers) | Account specified by operator in UI (ROOT or Sudoers) |
| Windows | Standalone | Account specified by operator in UI (Admin level) | SYSTEM |
| Windows | VMWare plugin | Uses the user that "VMWare tools" application is running as | SYSTEM |
Installation Permission and Location
Permissions
The JetPatch Connector installation files need read/write/execute permission to the following locations:
Windows
- C:\Windows\Temp
- C:\Program Files\
Linux
- /tmp
- /var/run
Locations
- Windows: The installation target is configurable. See article
- Linux: The installation target is configurable. See article
- Windows: C:\Program Files\Intigua\
- Linux\Unix: /usr/local/intigua
Protocols
Communication between JetPatch server and endpoints is based on one of the following three protocols:
Note: The primary protocol is WEB once the connector is installed. If the primary protocol is down, then it will fall back to SSH and SMB, depending on OS.
- From Endpoints to JetPatch:
  - HTTPS (443): Whenever an operation can be done using Web, it will be (OK for upgrading the connector and removing the connector).
- From JetPatch to Endpoints:
  - SSH (22): For operations on Linux/Unix (only required if installing the connector on Linux/Unix machines from the JetPatch console). The connector can be deployed outside of JetPatch with non-SSH alternatives, see link for details.
  - SMB2 (445): For operations on Windows machines (only required if installing the connector on Windows machines from the JetPatch console). The connector can be deployed outside of JetPatch with non-SMB alternatives, see link for details.
These three protocols are used to perform one of the following operations:
- Install Agent
- Uninstall Agent
- Install Patch
- Uninstall Patch
- Run Task (including Workflow tasks)
- Start Agent
- Stop Agent
- Get the status of the connector
- Change connector configuration
- Retrieve connector logs
In addition, these protocols perform scripting and patching operations.
Each of these operations has its own timeout (for example, the timeout for the install operation is 5 minutes). In addition to the operation timeout, each driver (protocol) has its own growing-scale retry mechanism: each failure results in a longer suspension before the next try (for example, a first suspension of 1 second, a second of 2 seconds, a third of 4 seconds, and so on, up to 1 minute).
Connector Files and Processes
JetPatch executes two primary types of processes on endpoints:
- JetPatch Connector: A client process to the JetPatch Manager Console. The connector both runs and stops patch management processes and managed agent containers in accordance with commands from the JetPatch Manager Console, and passes status updates from managed agents to the server.
- Managed Agent Containers (Agent Management Module): Each agent is wrapped in a Container that includes a virtual registry and virtual resources. The Container ensures that the agent works without affecting existing DLLs, registry, or services, and performs throttling and watchdog functions.
By default, JetPatch connector and managed agent files are stored in the following locations on endpoints:
| OS | Parent Directory | Intigua subdirectory | Managed agent subdirectory |
|---|---|---|---|
| Windows | %Program_Files%\Intigua\ | vAgentManager | Intigua-Libs |
| Linux | /usr/local/intigua/ | | |
The Parent Directory is configurable in connector management services.
The following services, links and processes exist on endpoints:
| OS | Service / Link | Intigua / Process | Intigua Wrapper | Helper | Method |
|---|---|---|---|---|---|
| Windows | Service: vAgentManager | Intigua vlinkprocess jetpatch_enduser_app | vlinkservice | vagent_manager<32\|64>.exe (Kernel-mode agents only) | DLL injection |
| Linux | Symbolic link: S30vlink, in /etc/rc5.d | vlink | | | LD_PRELOAD injection |
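On Linux the managed agent wrapper relies on LD_PRELOAD injection, which host monitoring commonly flags. The following added example (not JetPatch code) classifies LD_PRELOAD values found in process environments as expected only when they stay under the connector's parent directory; it assumes the wrapper libraries live under that directory, and the sample environments and library names are constructed.

```python
import os
import re
from pathlib import Path

# Default Linux parent directory from the page; it is configurable, so pass
# the value used in your deployment.
DEFAULT_ROOT = "/usr/local/intigua"

def preload_entries(environ_blob):
    """Return the LD_PRELOAD entries in a NUL-separated /proc/<pid>/environ blob."""
    for item in environ_blob.split(b"\0"):
        key, sep, value = item.partition(b"=")
        if sep and key == b"LD_PRELOAD":
            # The dynamic linker accepts colons and spaces as separators.
            text = value.decode("utf-8", errors="replace")
            return [e for e in re.split(r"[: ]+", text) if e]
    return []

def classify(entry, root=DEFAULT_ROOT):
    """'expected' only for an absolute path that stays under root."""
    if not entry.startswith("/"):
        return "unexpected"  # bare or relative names resolve via the search path
    # Lexical normalisation collapses '..'; it does not follow symlinks.
    norm = os.path.normpath(entry)
    prefix = os.path.normpath(root) + os.sep
    return "expected" if norm.startswith(prefix) else "unexpected"

def audit_blob(pid, blob, root=DEFAULT_ROOT):
    return [(pid, e, classify(e, root)) for e in preload_entries(blob)]

def audit_proc(proc="/proc", root=DEFAULT_ROOT):
    """Scan a live system; unreadable or exited processes are skipped."""
    findings = []
    for d in Path(proc).iterdir():
        if d.name.isdigit():
            try:
                findings += audit_blob(int(d.name), (d / "environ").read_bytes(), root)
            except OSError:
                continue
    return findings

# Constructed sample environments; the .so names are hypothetical.
SAMPLES = {
    101: b"PATH=/usr/bin\0LD_PRELOAD=/usr/local/intigua/libs/libexample.so\0",
    202: b"LD_PRELOAD=/usr/local/intigua/../../tmp/x.so:/usr/local/intigua-old/y.so libz.so\0",
    303: b"HOME=/root\0",
}

if __name__ == "__main__":
    for pid, blob in SAMPLES.items():
        for finding in audit_blob(pid, blob):
            print(finding)
```

Run `audit_proc()` as root on an endpoint to cover all processes; `/proc/<pid>/environ` reflects the environment at exec time only.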